We all know that, especially on a server accessible from the external world, having the compiler free to use for everyone may not be a good idea. Although this does not prevent people from, e.g., producing their own binaries on their machines and then transferring them to the server, denying the possibility to compile potentially malicious programs on a host machine makes crackers' work harder. Thus, I propose that we install all compilers (in particular, gcc) with user ``root'', group ``compilation'' (or a new ad-hoc created group, whatever you like) and default permissions set to 640. So it may be a good idea to allow access by default only to some trusted users, those in the aforementioned ``compilation'' group, for example. Sysadmins can easily modify /etc/group to enable some (hopefully, local) users to access the compiler(s). I know that sysadmins could do it by themselves, but at least with gcc:

a) installed files go in a zillion different places
b) people always forget to do it, so it would be a good default
c) if _all_ ebuilds installing programs that produce in some way runnable binaries on a system are set to this behaviour (maybe in an appropriate eclass), it would be a good step towards improved security, imho.

I did only quick research about how to implement this, but it appears that it boils down to:

- check before installation that the hypothetical group ``compilation'' exists. If not, create it. If I understand it correctly, a function already exists in eutils:

    enewgroup compilation

- invoke ``make install'' in the following way:

    INSTALL_PROGRAM="/usr/bin/install -c -m 640 -o root -g compilation" \
    INSTALL_DATA="/usr/bin/install -c -m 644 -o root -g compilation" make install

For the gij binary, we must remember to make it 644 again. This should at least work for all those packages that use autoconf/automake (90% of projects out there?).
Some relevant packages that could benefit from this new behaviour:

- gcc
- nasm

We can't obviously apply these restrictions to interpreters. E.g. gcj is ok because the interpreter is gij, but some interpreters that are also compilers (clisp?) can't be set 640 for obvious reasons. Please let me know what your feelings on this are. Without being too rude. :-)
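As an added example, not part of the original post or of any Gentoo ebuild or eclass, the following POSIX shell script shows the procedure described above end to end: make sure the trusted group exists, install a binary with mode 750 (the corrected value from later in the thread) owned by root and that group, and then check the result the way a sysadmin would want to, i.e. confirm that the "other" class cannot execute the file, confirm which users are in the group, and list any world-executable files left under an install prefix. The group name "compilation" comes from the proposal; the helper names (ensure_group, install_restricted, world_can_execute, in_group, audit_world_executables) and the stand-in "fake compiler" script are assumptions made for this example. Ownership is only applied when the script runs as root, since install(1) refuses -o/-g otherwise.

```shell
#!/bin/sh
# Added example (not from the original thread): install a compiler binary so
# that only root and members of a trusted group may run it, and verify that.
# Assumptions: group name "compilation" (from the proposal); the helper names
# below; a constructed stand-in script is used instead of a real gcc.

INSTALL_GROUP="${INSTALL_GROUP:-compilation}"

# ensure_group: make sure the trusted group exists (the ebuild equivalent is
# enewgroup). Creating it needs root; otherwise report the problem and fail.
ensure_group() {
    if getent group "$INSTALL_GROUP" >/dev/null 2>&1; then
        return 0
    fi
    if [ "$(id -u)" -eq 0 ]; then
        groupadd "$INSTALL_GROUP"
    else
        echo "ensure_group: not root, cannot create group '$INSTALL_GROUP'" >&2
        return 1
    fi
}

# install_restricted SRC DEST: copy SRC to DEST with mode 750 (rwxr-x---).
# root:$INSTALL_GROUP ownership is applied only when running as root and the
# group exists; otherwise the file still gets 750 but keeps the caller's ids.
install_restricted() {
    if [ "$(id -u)" -eq 0 ] && ensure_group; then
        install -c -m 750 -o root -g "$INSTALL_GROUP" "$1" "$2"
    else
        echo "install_restricted: $2 gets mode 750 without root:$INSTALL_GROUP ownership" >&2
        install -c -m 750 "$1" "$2"
    fi
}

# mode_of FILE: print the octal permission bits (GNU stat, BSD stat fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# world_can_execute FILE: succeed if the "other" class has the execute bit.
# A correctly installed 750 binary must make this check fail.
world_can_execute() {
    other=$(mode_of "$1")
    other=${other#"${other%?}"}     # keep only the last octal digit
    case $other in
        1|3|5|7) return 0 ;;
        *)       return 1 ;;
    esac
}

# in_group USER GROUP: succeed if USER is a member of GROUP, i.e. would pass
# through the group bits of a root:$INSTALL_GROUP 750 binary.
in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx "$2"
}

# audit_world_executables DIR: list regular files under DIR that anyone may
# execute; useful to spot compilers left at 755 after an upgrade.
audit_world_executables() {
    find "$1" -type f -perm -001 -print
}

# Demo with a constructed stand-in for a compiler binary.
demo() {
    tmp=$(mktemp -d)
    printf '#!/bin/sh\necho "fake compiler"\n' > "$tmp/fakecc"
    install_restricted "$tmp/fakecc" "$tmp/cc"
    echo "installed mode: $(mode_of "$tmp/cc")"
    if world_can_execute "$tmp/cc"; then
        echo "FAIL: everyone may execute $tmp/cc"
    else
        echo "ok: only the owner and group '$INSTALL_GROUP' may execute $tmp/cc"
    fi
    echo "world-executable files left under $tmp (expect none):"
    audit_world_executables "$tmp"
    rm -rf "$tmp"
}

demo
```

Run it as root on the real install prefix (e.g. with DIR=/usr/bin for the audit) to get the ownership applied; run as an ordinary user it still demonstrates the mode check. The audit function is the part worth keeping around, since a package upgrade that reinstalls gcc at 755 silently undoes the whole scheme.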
By 640 I guess you mean 750?
Yes, I'm sorry, programs need to have permission to execute. Dunno what I was thinking about when I wrote it. :-) Thanks Ciaran.
I do not see the security value in doing this
Yeah, I agree with solar here... there's no reason for doing this.